OpenVPN and OpenSSL 0.9.7 was: Re: Integration of AES algorith to OpenSSL Crypto library
So, I need to know the process of integration of new cipher to Crypto library. I've tried to place the directory with new cipher (aes) inside of the crypto directory, modified root Makefile.ssl and crypto/Makefile.ssl however it seems that it is not enough - new codec does not appear in the list of supported codecs of openvpn executable. Ask the author, James Yonan, he is around on this list. And with him around asking about EVP-problems I am would guess that he already nailed down the problem with 0.9.7. OpenVPN uses the cipher-independent EVP layer of OpenSSL as an interface to the symmetric cipher algorithms. In the current 0.9.7 snapshot, the EVP API has been modified so it is incompatible with 0.9.6 -- this is probably the cause of the crash. I had the same result when I tried to test OpenVPN with 0.9.7 and AES-256. I know there's some discussion going on about fixing this, so the EVP API stays compatible. If you need something right now, I have a simple patch for 0.9.7 which will restore the 0.9.6 EVP behavior. When I applied this patch, OpenVPN ran fine with 0.9.7 and the AES-256 cipher. James Yonan OpenVPN developer http://openvpn.sourceforge.net/ __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: OpenVPN and OpenSSL 0.9.7 was: Re: Integration of AES algorith to OpenSSL Crypto library
Hello James, Right now I was writing a letter to you with the question regarding integration of openvpn and openssl 0.9.7 .:). I'll be glad to receive such patch because I need to integrate AES algorithm to openvpn (my boss requested this). Thanks, in advance. Ildar. PS. Is the patch only for AES 256 and does not work for AES128 and AES192 ? - Original Message - From: James Yonan [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Friday, May 03, 2002 7:09 PM Subject: OpenVPN and OpenSSL 0.9.7 was: Re: Integration of AES algorith to OpenSSL Crypto library So, I need to know the process of integration of new cipher to Crypto library. I've tried to place the directory with new cipher (aes) inside of the crypto directory, modified root Makefile.ssl and crypto/Makefile.ssl however it seems that it is not enough - new codec does not appear in the list of supported codecs of openvpn executable. Ask the author, James Yonan, he is around on this list. And with him around asking about EVP-problems I am would guess that he already nailed down the problem with 0.9.7. OpenVPN uses the cipher-independent EVP layer of OpenSSL as an interface to the symmetric cipher algorithms. In the current 0.9.7 snapshot, the EVP API has been modified so it is incompatible with 0.9.6 -- this is probably the cause of the crash. I had the same result when I tried to test OpenVPN with 0.9.7 and AES-256. I know there's some discussion going on about fixing this, so the EVP API stays compatible. If you need something right now, I have a simple patch for 0.9.7 which will restore the 0.9.6 EVP behavior. When I applied this patch, OpenVPN ran fine with 0.9.7 and the AES-256 cipher. James Yonan OpenVPN developer http://openvpn.sourceforge.net/ __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: OpenVPN and OpenSSL 0.9.7 was: Re: Integration of AES algorith to OpenSSL Crypto library
From: James Yonan [EMAIL PROTECTED] To: [EMAIL PROTECTED] Copies to: [EMAIL PROTECTED] Subject:OpenVPN and OpenSSL 0.9.7 was: Re: Integration of AES algorith to OpenSSL Crypto library Date sent: Fri, 3 May 2002 09:09:01 -0600 Send reply to: [EMAIL PROTECTED] I know this may sound simplistic, but since you are the author of OpenVPN, why don't you make a simple check for the OpenSSL version and use 0.9.7 the way it was designed to be used. If the check indicates you are using 0.9.6, use the method you currently use. One of the developers commented recently that OpenSSL has a *LOT* of overhead, both in size and complexity, just to try to keep everyone happy. Ken So, I need to know the process of integration of new cipher to Crypto library. I've tried to place the directory with new cipher (aes) inside of the crypto directory, modified root Makefile.ssl and crypto/Makefile.ssl however it seems that it is not enough - new codec does not appear in the list of supported codecs of openvpn executable. Ask the author, James Yonan, he is around on this list. And with him around asking about EVP-problems I am would guess that he already nailed down the problem with 0.9.7. OpenVPN uses the cipher-independent EVP layer of OpenSSL as an interface to the symmetric cipher algorithms. In the current 0.9.7 snapshot, the EVP API has been modified so it is incompatible with 0.9.6 -- this is probably the cause of the crash. I had the same result when I tried to test OpenVPN with 0.9.7 and AES-256. I know there's some discussion going on about fixing this, so the EVP API stays compatible. If you need something right now, I have a simple patch for 0.9.7 which will restore the 0.9.6 EVP behavior. When I applied this patch, OpenVPN ran fine with 0.9.7 and the AES-256 cipher. James Yonan OpenVPN developer http://openvpn.sourceforge.net/ __ OpenSSL Project http://www.openssl.org Development Mailing List openssl- [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] _ Support InterSoft International, Inc. Voice: 888-823-1541, International 281-398-7060 Fax: 888-823-1542, International 281-560-9170 [EMAIL PROTECTED] http://www.securenetterm.com __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: OpenVPN and OpenSSL 0.9.7 was: Re: Integration of AES algorith to OpenSSL Crypto library
On Fri, May 03, 2002 at 09:09:01AM -0600, James Yonan wrote: So, I need to know the process of integration of new cipher to Crypto library. I've tried to place the directory with new cipher (aes) inside of the crypto directory, modified root Makefile.ssl and crypto/Makefile.ssl however it seems that it is not enough - new codec does not appear in the list of supported codecs of openvpn executable. Ask the author, James Yonan, he is around on this list. And with him around asking about EVP-problems I am would guess that he already nailed down the problem with 0.9.7. OpenVPN uses the cipher-independent EVP layer of OpenSSL as an interface to the symmetric cipher algorithms. In the current 0.9.7 snapshot, the EVP API has been modified so it is incompatible with 0.9.6 -- this is probably the cause of the crash. I had the same result when I tried to test OpenVPN with 0.9.7 and AES-256. I know there's some discussion going on about fixing this, so the EVP API stays compatible. If you need something right now, I have a simple patch for 0.9.7 which will restore the 0.9.6 EVP behavior. When I applied this patch, OpenVPN ran fine with 0.9.7 and the AES-256 cipher. The following statement is not an official announcement: * We intended to put 0.9.7 into beta this week. We failed to keep this schedule. * Nevertheless 0.9.7 beta is due in the next days and a treatment of the problem will be included, most likely the old behaviour will be restored. So I would simply recommed to stay patient for the next hours/days. I didn't want to speak up before we have agreed on an official position (and my statement here still has a (quite) small risk of being wrong), but as discussion here becomes that intensive, I felt obligued to give a statement. Best regards, Lutz -- Lutz Jaenicke [EMAIL PROTECTED] http://www.aet.TU-Cottbus.DE/personen/jaenicke/ BTU Cottbus, Allgemeine Elektrotechnik Universitaetsplatz 3-4, D-03044 Cottbus __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: OpenVPN and OpenSSL 0.9.7 was: Re: Integration of AES algorith to OpenSSL Crypto library
I know this may sound simplistic, but since you are the author of OpenVPN, why don't you make a simple check for the OpenSSL version and use 0.9.7 the way it was designed to be used. If the check indicates you are using 0.9.6, use the method you currently use. Actually OpenVPN 1.1.1 already has the necessary #ifdefs to work with both 0.9.6 and 0.9.7 except for this EVP problem which is non-trivial to work around. Given that 0.9.7 is pre-beta at this point and the EVP issue is currently under discussion, I think it makes sense to wait for the beta release and take it from there. James Yonan OpenVPN developer http://openvpn.sourceforge.net/ __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Integration of AES algorith to OpenSSL Crypto library
On Thu, May 02, 2002 at 04:33:54PM +0400, Ildar Gabdulline wrote: I have one question regarding internals of OpenSSL Crypto library. The situation is as follows: I am going to integrate AES cipher to OpenSSL Crypto library. Regarding of AES algorithm implemnetation - we have the following functions: //rijndael_setup() should be called at startup of the program void rijndael_setup(RIJNDAEL_context *ctx, size_t keysize, const UINT8 *key); //rijndael_encrypt() should be called for every 16 bytes of the stream to be encrypted void rijndael_encrypt(RIJNDAEL_context *context, const UINT8 *plaintext, UINT8 *ciphertext); //rijndael_decrypt() should be called for every 16 bytes of the stream to be decrypted void rijndael_decrypt(RIJNDAEL_context *context, const UINT8 *ciphertext, UINT8 *plaintext); The question: Is anybody here who can provide me some guidelines on the integration of AES cipher to OpenSSL Crypto library ? What files should be changed/customized ? Have a look into the upcoming 0.9.7 version of OpenSSL. AES is integrated into it. Just do it the same way we did it. Hmm, or even just stop wasting your time, because it is already in there :-) Lutz -- Lutz Jaenicke [EMAIL PROTECTED] http://www.aet.TU-Cottbus.DE/personen/jaenicke/ BTU Cottbus, Allgemeine Elektrotechnik Universitaetsplatz 3-4, D-03044 Cottbus __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Integration of AES algorith to OpenSSL Crypto library
Yes, I've got recent 0.9.7 snapshot but openvpn crashes when I link it with the snapshot. I am going to minimize scope of the problem as follows: 1. get stable 0.9.6 release 2. get only AES code and integrate it to 0.9.6 So, I need to know the process of integration of new cipher to Crypto library. I've tried to place the directory with new cipher (aes) inside of the crypto directory, modified root Makefile.ssl and crypto/Makefile.ssl however it seems that it is not enough - new codec does not appear in the list of supported codecs of openvpn executable. So, Is there some HOWTO and another document that shows the process of integration of new codec to Crypto library ? Thanks, in advance. Ildar. - Original Message - From: Richard Levitte - VMS Whacker [EMAIL PROTECTED] To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Thursday, May 02, 2002 5:09 PM Subject: Re: Integration of AES algorith to OpenSSL Crypto library Uhmm, have you considered looking at recent snapshots? In message 017001c1f1d5$a102fc20$[EMAIL PROTECTED] on Thu, 2 May 2002 16:33:54 +0400, Ildar Gabdulline [EMAIL PROTECTED] said: ildar Hi, ildar ildar I have one question regarding internals of OpenSSL Crypto library. ildar ildar ildar - --- ildar The situation is as follows: ildar ildar I am going to integrate AES cipher to OpenSSL Crypto library. ildar Regarding of AES algorithm implemnetation - we have the following functions: ildar file://rijndael_setup() should be called at startup of the program ildar void rijndael_setup(RIJNDAEL_context *ctx, size_t keysize, const UINT8 *key); ildar file://rijndael_encrypt() should be called for every 16 bytes of the stream to be encrypted ildar void rijndael_encrypt(RIJNDAEL_context *context, const UINT8 *plaintext, UINT8 *ciphertext); ildar file://rijndael_decrypt() should be called for every 16 bytes of the stream to be decrypted ildar void rijndael_decrypt(RIJNDAEL_context *context, const UINT8 *ciphertext, UINT8 *plaintext); ildar ildar ildar - --- ildar ildar The question: ildar ildar Is anybody here who can provide me some guidelines on the integration of AES cipher to OpenSSL Crypto library ? ildar What files should be changed/customized ? -- Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED] Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47 \ SWEDEN \ or +46-708-26 53 44 Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED] Member of the OpenSSL development team: http://www.openssl.org/ Unsolicited commercial email is subject to an archival fee of $400. See http://www.stacken.kth.se/~levitte/mail/ for more info. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Integration of AES algorith to OpenSSL Crypto library
On Thu, May 02, 2002 at 11:51:49PM +0400, Ildar Gabdulline wrote: I've got recent 0.9.7 snapshot but openvpn crashes when I link it with the snapshot. I am going to minimize scope of the problem as follows: 1. get stable 0.9.6 release 2. get only AES code and integrate it to 0.9.6 OpenSSL 0.9.7 will go beta soon. We intended to start beta this week, but we probably won't manage it before the weekend, so it will become next week. The problem with openvpn thus has to be resolved in the next weeks anyway, so I would rather suppose to spend your time in this direction. So, I need to know the process of integration of new cipher to Crypto library. I've tried to place the directory with new cipher (aes) inside of the crypto directory, modified root Makefile.ssl and crypto/Makefile.ssl however it seems that it is not enough - new codec does not appear in the list of supported codecs of openvpn executable. Ask the author, James Yonan, he is around on this list. And with him around asking about EVP-problems I am would guess that he already nailed down the problem with 0.9.7. Best regards, Lutz PS. Look out for OpenSSL_add_all_ciphers() to get an idea on what might be missing when integrating a new cipher. -- Lutz Jaenicke [EMAIL PROTECTED] http://www.aet.TU-Cottbus.DE/personen/jaenicke/ BTU Cottbus, Allgemeine Elektrotechnik Universitaetsplatz 3-4, D-03044 Cottbus __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Integration of AES algorith to OpenSSL Crypto library
Thus spake Ildar Gabdulline: Yes, I've got recent 0.9.7 snapshot but openvpn crashes when I link it with the snapshot. I am going to minimize scope of the problem as follows: 1. get stable 0.9.6 release 2. get only AES code and integrate it to 0.9.6 Perhaps you should figure out why openvpn is crashing instead of trying to re-do work which has already been done. AES is already integrated, so if there's a bug, let us know and we'll fix it. S -- Stephen Sprunk So long as they don't get violent, I want to CCIE #3723 let everyone say what they wish, for I myself have K5SSSalways said exactly what pleased me. --Albert Einstein __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]